Allowing your employees to make mistakes in a safe sandbox environment could prevent the real thing
A company can spend all the funds it wants on the latest cybersecurity technology, like firewalls, threat detection, artificial intelligence and machine learning tools, but there is one security risk that can't blocked from entering the company networks: the employee.
But in many cases it's a lax or ill-informed attitude to cybersecurity by staff which is potentially putting organisations at risk, with employees falling victim to phishing one of the major reasons that data breaches occur.
And the problem is only going to become trickier to solve because people are becoming more connected than ever, offering hackers additional opportunities to find that one weakness that allows them access.
You can't have a one-size-fits-all training programme; if you're training your developers, you're going to need different content to what you're using to train your sales people, finance or HR people," says Rik Ferguson, VP of security research at Trend Micro, who stresses the importance of making cybersecurity training interesting, something many companies aren't doing.
"Make it relevant, make it contextual, make it interactive; because there's nothing worse with being presented with an online slide deck you have to click through to read and do the quiz at the end - but they're so common," he says.